Messages - chemlud

#1
Practical experience over about 10 years with openVPN and then the last maybe 5-6 years with WG:

Configure more than one dynDNS for each IP to be monitored. Nearly no service interruption, only if the net access provider fails to do what he is paid for.

Experience of others in this forum, too...
#2
Quote from: Patrick M. Hausen on January 04, 2026, 12:17:08 AM
For stable VPN connections static IP addresses are mandatory, IMHO.

Hell, no, works just fine.

Quote from: Patrick M. Hausen on January 04, 2026, 12:17:08 AM
I never used anything else.

So, how can you know in the first place? With zero practical experience with WG and DynDNS? I prefer to post only on issues I personally have experience with...
#3
serious question: and this problem really can't be addressed adequately by the cron job on DNS resolution of wireguard endpoints outlined above? really?
#4
Golden rule of FOSS: If not everybody can reproduce, it's YOUR bug. Sorry, that's the way it is.

Various WG tunnels here, no problems with reboots for years...
#5
Which bug?
#6
Quote from: tdalej on December 17, 2025, 09:58:02 PM
I added out and in rule because I need to be able to register the camera to the NVR and it needs bi directional traffic?
The rules right below block all traffic between those networks if I understand them correctly.


No, read about "stateful firewall".

How about ipv6?
#7
rule 1 and 2: /32 instead of /24

why OUT rules? normally only IN needed. IN with respect to the interface....
#8
General Discussion / Re: block cameras to internet
December 17, 2025, 07:12:55 PM
Hi, I see different problems with your BLOCK rule:

- You want to block ipv6 traffic for ipv4 addresses (in your cam alias)? What is the status for ipv6 on your LAN? Place a general block ipv6 above your block rule and reduce the existing block rule to ipv4 protocols.

- Do your cams get reserved (static mapping, always identical) IPs (based on MAC) via DHCP? Only in this case the block rule will block the cams reliably.

Cheers (noisy in here... hohoho)
#10
Skip ssh rules in your config for Suricata. Done.
#11
Are you exposing ports on WAN?

If not: why run Suricata on that interface in the first place? To watch and see that the internet is a bad, bad place? :-D

Or at least disable SSH rules, if no ssh port open...
#12
German - Deutsch / Re: Firewall log files are missing
November 30, 2025, 12:12:20 PM
System -> Configuration -> History maybe...
#13
German - Deutsch / Re: Firewall log files are missing
November 30, 2025, 09:14:18 AM
Hi, 25.7.8 here and all logs normal with Firefox (latest)...

Another browser (Palemoon) has been unable to display OPNsense logs for years. Changed browsers?
#15
25.7, 25.10 Series / Re: Wireguard & LAN-LAN SMB
November 18, 2025, 09:59:07 AM
Just an idea: NAS only allowing access from LAN IPs?